CISSP job description and daily job

garbo77garbo77 Member Posts: 11 ■□□□□□□□□□
Hi Guys,
how would you describe a job description/role for a CISSP certified engineer?
How would you image your role in a company? How your daily job?
I know it seems to be a strange question but every time I see a job offer where CISSP is required I this doubt shows up to my mind.
Thanks and regards

Comments

  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SAA, CCSK Member Posts: 471 ■■■■■■■□□□
    It's just a certification that says you know some things about managing security and risk. There's really no single thing or set of things you can read into a job description just from the CISSP requirement line. You'll have to look at the rest of the job description to get that. Every single job and role in information security might conceivably require or prefer a CISSP...

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SA-A, CCSK
    2020 goals: AWS Security Specialty, AWAE or SLAE, CISSP-ISSAP?
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Yeah - pretty much what @LonerVamp said. There's no real answer for this question. It's kinda like asking "can you provide the job description for a college or highschool graduate?"

    I know people with CISSP's who are software engineers, security analysts, engineers, CEO's, and CISOs, and all levels in-between.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,881 Mod
    Bad question. As said above the CISSP is the widest certification in the security space. Anyone from a GRC person to an engineer, to a CISO could have it as required for their roles.

    Examples in my market:

    - Deep Dive Analyst (stupidest title ever)
    - Sales Engineer
    - Security Architect
    - GRC Analyst
  • garbo77garbo77 Member Posts: 11 ■□□□□□□□□□
    cyberguypr wrote: »
    Bad question. As said above the CISSP is the widest certification in the security space. Anyone from a GRC person to an engineer, to a CISO could have it as required for their roles.

    Examples in my market:

    - Deep Dive Analyst (stupidest title ever)
    - Sales Engineer
    - Security Architect
    - GRC Analyst

    Let me try to clarify better my question: probably who replied to my thread is a CISSP Certified with an IT Security background.
    Since the CISSP is the widest certification in the security space, what kind of job/position would better fit with your expectations keeping in mind CISSP is not a technical certification. I know it's not an easy question to answer...
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    garbo77 wrote: »
    Let me try to clarify better my question: probably who replied to my thread is a CISSP Certified with an IT Security background.
    Since the CISSP is the widest certification in the security space, what kind of job/position would better fit with your expectations keeping in mind CISSP is not a technical certification. I know it's not an easy question to answer...

    Tough question and you will likely get varying response and opinions.

    I've always viewed CISSP more as an entry level type certification that covers basic security concepts. The value that I usually derive from knowing that someone has a CISSP is that I have a rough idea for how long they have been working with security concepts and that they understand common security nomenclature. As for the type of job, it's usually someone that likely works in infosec but they could be in any role or level.
  • ThePawofRizzoThePawofRizzo SSCP, A+, N+, Sec+, CySA+, Cloud+, CWTS Member Posts: 389 ■■■■□□□□□□
    paul78 wrote: »
    Tough question and you will likely get varying response and opinions.

    I've always viewed CISSP more as an entry level type certification that covers basic security concepts. The value that I usually derive from knowing that someone has a CISSP is that I have a rough idea for how long they have been working with security concepts and that they understand common security nomenclature. As for the type of job, it's usually someone that likely works in infosec but they could be in any role or level.

    I'm working on CISSP, but given the breadth of knowledge required to pass the exam, I don't see it as an "entry level" certification at all. CompTIA exams are entry level, and focus on basic concepts moreso, in my opinion. CISSP, while not necessarily technical in the sense a CCIE exam would be, I see a candidate for CISSP would typically find it helpful to have years of actual work experience in IT...and, of course, years of experience in some of the domains is required to earn the certification.

    Job roles for the CISSP run the gamut, and I think the wide range of knowledge is helpful for that purpose. I have no plans to be a CISO or Security Manager. Rather, I'll continue in my Systems Engineer role, but the additional understanding of risk management, BCP and DR, vulnerabilities, etc. will help me consider information security as I perform my primary IT roles.
Sign In or Register to comment.